{"id":"CVE-2017-9527","details":"The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.","modified":"2026-02-24T01:11:57.600512Z","published":"2017-06-11T17:29:00.160Z","references":[{"type":"ADVISORY","url":"https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99"},{"type":"ADVISORY","url":"https://github.com/mruby/mruby/issues/3486"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html"},{"type":"REPORT","url":"https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99"},{"type":"REPORT","url":"https://github.com/mruby/mruby/issues/3486"},{"type":"FIX","url":"https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99"},{"type":"FIX","url":"https://github.com/mruby/mruby/issues/3486"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html"},{"type":"EVIDENCE","url":"https://github.com/mruby/mruby/issues/3486"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mruby/mruby","events":[{"introduced":"0"},{"fixed":"5c114c91d4ff31859fcd84cf8bf349b737b90d99"}]}],"versions":["1.0.0","1.1.0","1.2.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9527.json","vanir_signatures":[{"digest":{"length":547,"function_hash":"286219651794874583022066205112029788158"},"id":"CVE-2017-9527-0b64423d","signature_type":"Function","deprecated":false,"source":"https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99","signature_version":"v1","target":{"file":"src/gc.c","function":"mark_context_stack"}},{"digest":{"line_hashes":["239328260997774354437319465623085189723","278749016881778886418842281945883168779","113515937360586162616117102418961035864","185062502001950100527544536542242255813","94831734521497849468177636311830953652","136229001971788190294863844937971499822","215219651310723059012235489279416079175","317851459485684649508170802408184894780","241504984179936146407905117891020266225","247869340733954520892314820391799532118","43035428114706040117447406129172114308","139392374937586911940466184861622959537","108587633537507210242609878158511307392","173878156555487118740790950504304142821","104076392047553672763771949455293999536"],"threshold":0.9},"id":"CVE-2017-9527-76c1b6a1","signature_type":"Line","deprecated":false,"source":"https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99","signature_version":"v1","target":{"file":"src/gc.c"}}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}